Most organizations believe they are managing artificial intelligence (AI) because it appears on their risk register. But WTW’s Emerging and Interconnected Risk Survey revealed something surprising: 71 respondents listed AI among their top five emerging risks – yet they used 36 different descriptions. That lack of shared understanding is not a technicality; it’s a strategic vulnerability.
If no one in your organization is talking about the same risk, you are not actually managing AI. You are managing fragments and that misunderstanding can lead to inconsistent governance, uncontrolled exposure and missed opportunities to create value.
AI is not an isolated risk – it is a live, multi-domain disruptor capable of triggering both direct and second-order impacts. One of those AI mentions included the influence of AI on cyber risk. AI and cyber risk are often managed as separate challenges – one as an innovation opportunity, the other as a security threat. In the survey, AI was the top-ranked emerging risk, cyber the leading driver of change over the next two years, and both were highlighted as deeply interconnected across the global risk wheel.
The insight is clear: AI and cyber are not isolated risks. Together, they act as accelerants – creating a risk multiplier effect that traditional, siloed management approach cannot contain. So, in this insight, we examine:
When AI is viewed through a single lens – IT, innovation, or compliance – these connections are missed. That’s where the hidden costs emerge. Successful organizations will recognize that the future of cybersecurity is not about choosing between human expertise and artificial intelligence, but about creating a symbiotic relationship where technology amplifies human capabilities by forging a strong partnership between the two.
Organizations that treat AI as just another line item in the risk register will always be chasing its impacts. WTW’s interconnected risk wheel shows AI’s strongest links are to cyber risk, regulatory change, and economic outlook – but the real danger is in the pathways you haven’t mapped.
These touchpoints are already here. Our speciality experts share their proof in the present views on three interconnected dimensions:
01
AI-powered deepfakes have been used to impersonate executives in phishing attacks, bypassing trust-based security controls. WTW’s Cyber claims analysis report estimates the global average cost of a data breach claim was $3.9m. Research by IBM estimates by adopting security AI and automation the global average cost of a data breach could be reduced by $1.9 million. At the same time, IBM’s latest analysis covers 1 in 6 data breaches involved attackers using AI, with AI-generated phishing (37%) and deepfake impersonation attacks (35%) the most common use-cases.
“Large organizations face significant vulnerability from AI-powered deepfakes in phishing attacks. To mitigate this risk, adopting a proactive, data-driven cyber risk management approach is crucial - this can help protect against substantial financial and reputational impacts.”
Ben Fidlow | Global Head of Core Analytics
“Large organizations face significant vulnerability from AI-powered deepfakes in phishing attacks. To mitigate this risk, adopting a proactive, data-driven cyber risk management approach is crucial. This can help protect against substantial financial and reputational impacts.” Ben Fidlow, Global Head of Core Analytics
02
Demand for data centers is booming with AI growth, and so are the resilience requirements. According to the IEA, electricity demand from AI-optimized data centers is projected to more than quadruple by 2030.[1] To keep pace with demand for AI, technology giants are building their own data facilities[2] while exploring nuclear power agreements as energy demand places additional pressures on already stressed grids. As data centers become increasingly critical infrastructure, your AI strategy will need to consider more than just technology – it will need to consider the wide array of risks data centers are exposed to. From understanding natural catastrophe risks to the need for new cyber scenarios, achieving resilience will require a wider view of risk.
“Large and complex organizations must prioritize climate transition & cyber resilience in energy strategies, assessing data center risks & integrating energy security to stay resilient in an AI-driven landscape.” Ester Calavia Garsaball, Senior Director, Head of Natural Catastrophe
03
While cyber-attack and data loss continue to rank highly as risks, AI is not showing up as a concern for Directors and Officers. 61% of respondents in WTW’s Global Directors’ and Officers’ Survey Report 2024/2025 consider that the board has the skills and knowledge to handle cybersecurity and data privacy matters. In contrast, AI ranked as the area where fewest people think the board has the necessary skills and knowledge. It’s essential that Boards educate themselves to stay ahead and be able to balance the enthusiasm for its benefits with prudent oversight of its evolving risks
“While AI may not have been a top priority for boards when surveyed last year, conversations since suggest that, for some at least, sentiment is shifting. With a growing array of risks demanding attention – and AI rising up the agenda in the short-term – focusing on asking the right questions can help uncover uncertainties and balance enthusiasm for innovation with informed oversight.”
Angus Duncan | WTW Executive Director – Global D&O Coverage Specialist
“While AI may not have been a top priority for boards when surveyed last year, conversations since suggest that, for some at least, sentiment is shifting. With a growing array of risks demanding attention – and AI rising up the agenda in the short-term – focusing on asking the right questions can help uncover uncertainties and balance enthusiasm for innovation with informed oversight.”
Angus Duncan, WTW Executive Director – Global D&O Coverage Specialist
When events haven’t occurred before it can be difficult to imagine what reality could look like. They also rarely happen in isolation.
We used AI to craft a scenario-based view into what could be waiting in your inbox on Monday morning if these events unfold together. While they seem implausible, each one is rooted in a past event or future possibility.
In a world where the speed of technology adoption outpaces regulatory adaptation, your competitive advantage won’t come from avoiding every crisis. It will come from your ability to recover faster than your competition and your plan for resiliency. Your responsibility is to plan which may include avoidance, mitigation or transfer but in all cases it includes the need to understand the interconnected nature and plan for resilience.
Effective leaders have shifted from traditional risk management protocols to more dynamic and responsible governance models for managing AI’s growth across industries and applications while adhering to their values. These leaders adopt principle-based governance practices that allow their organizations to benefit from AI technologies while reducing risks and increasing trust and accountability.
Is your organization ready to integrate AI successfully? Discover more – our global industry and enterprise risk management (ERM) specialists can help you.
